-rw-r--r--toys/other/nsenter.c29
1 files changed, 20 insertions, 9 deletions
diff --git a/toys/other/nsenter.c b/toys/other/nsenter.c
index bda77ac1..13757280 100644
--- a/toys/other/nsenter.c
+++ b/toys/other/nsenter.c
@@ -13,7 +13,7 @@
// Note: flags go in same order (right to left) for shared subset
USE_NSENTER(NEWTOY(nsenter, "<1F(no-fork)t#<1(target)i:(ipc);m:(mount);n:(net);p:(pid);u:(uts);U:(user);", TOYFLAG_USR|TOYFLAG_BIN))
-USE_UNSHARE(NEWTOY(unshare, "<1^rimnpuU", TOYFLAG_USR|TOYFLAG_BIN))
+USE_UNSHARE(NEWTOY(unshare, "<1^f(fork);r(map-root-user);i:(ipc);m:(mount);n:(net);p:(pid);u:(uts);U:(user);", TOYFLAG_USR|TOYFLAG_BIN))
config UNSHARE
bool "unshare"
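Review bot: The new unshare spec gives every namespace flag an optional string argument (`i:(ipc);` through `U:(user);`), but nothing in this diff reads that argument on the unshare path, and the help text in the next hunk does not mention it. If the spec was widened only to keep the flag order aligned with nsenter, as the comment above suggests, then `--net=FILE` would presumably be accepted and ignored, so a caller expecting the namespace to be bound to FILE gets no error. I would either reject an argument explicitly or add a comment such as `// unshare reuses nsenter's typed flags for bit alignment; the =ARG values are parsed but unused here`. The trailing `;` on `f(fork);` and `r(map-root-user);` also looks unintended, since those flags take no argument; worth confirming against the option parser.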
@@ -25,13 +25,14 @@ config UNSHARE
Create new container namespace(s) for this process and its children, so
some attribute is not shared with the parent process.
- -i SysV IPC (message queues, semaphores, shared memory)
- -m Mount/unmount tree
- -n Network address, sockets, routing, iptables
- -p Process IDs and init
- -r Become root (map current euid/egid to 0/0, implies -U)
- -u Host and domain names
- -U UIDs, GIDs, capabilities
+ -f Fork command in the background (--fork)
+ -i SysV IPC (message queues, semaphores, shared memory) (--ipc)
+ -m Mount/unmount tree (--mount)
+ -n Network address, sockets, routing, iptables (--net)
+ -p Process IDs and init (--pid)
+ -r Become root (map current euid/egid to 0/0, implies -U) (--map-root-user)
+ -u Host and domain names (--uts)
+ -U UIDs, GIDs, capabilities (--user)
A namespace allows a set of processes to have a different view of the
system than other sets of processes.
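Review bot: The `-f` help line says the command is forked "in the background", but the code added to unshare_main assigns `toys.exitval = xrun(toys.optargs)`, which reads as the parent waiting for the child and passing on its status. The line also does not say why `-f` is needed: after unshare(2) with CLONE_NEWPID the caller stays in the old PID namespace, and only its first child becomes PID 1 of the new one. Suggested wording: `-f Run command as a child and wait for it; needed for -p to take effect (--fork)`.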
@@ -50,7 +51,7 @@ config NSENTER
The namespaces to switch are:
-i SysV IPC: message queues, semaphores, shared memory (--ipc)
- -m Mount/unmount tree (--mnt)
+ -m Mount/unmount tree (--mount)
-n Network address, sockets, routing, iptables (--net)
-p Process IDs and init, will fork unless -F is used (--pid)
-u Host and domain names (--uts)
@@ -102,6 +103,11 @@ static int test_r()
return toys.optflags & FLAG_r;
}
+static int test_f()
+{
+ return toys.optflags & FLAG_f;
+}
+
// Shift back to the context GLOBALS lives in (I.E. matching the filename).
#define CLEANUP_unshare
#define FOR_nsenter
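Review bot: `static int test_f()` has an empty parameter list, which before C23 is not a prototype, so a call with stray arguments would compile unchecked. `static int test_f(void)` is the checked form, and the same applies to the existing test_r() above it. A one-line comment would also help, e.g. `// FLAG_f is only visible in the unshare flag context, so wrap it for use after the FOR_nsenter switch`. That assumes this is the reason for the wrapper; the surrounding macro lines suggest it, but the use site is outside this hunk.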
@@ -127,6 +133,11 @@ void unshare_main(void)
if (unshare(f)) perror_exit(0);
if (test_r()) handle_r(euid, egid);
+ if (test_f()) {
+ toys.exitval = xrun(toys.optargs);
+
+ return;
+ }
// Bind to existing namespace(s)?
} else if (CFG_NSENTER) {
char *nsnames = "user\0uts\0pid\0net\0mnt\0ipc";
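Review bot: With `-f` the original process now stays alive as a wrapper around the command, and nothing visible in this hunk forwards signals to the child or ties the child's lifetime to the wrapper. Combined with `-p`, a supervisor that kills the unshare process would presumably leave the command running as PID 1 of the new namespace, which matters to anyone relying on this for containment. I would put a comment on the branch, e.g. `// -f: child runs the command (PID 1 under -p); parent only waits and reports its status, it does not forward signals`. It is also worth confirming how xrun() reports a child killed by a signal, since that value becomes the exit code. unshare_main starts and ends outside the hunk.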